scram.h File Reference

#include "common/cryptohash.h"
#include "lib/stringinfo.h"
#include "libpq/libpq-be.h"
#include "libpq/sasl.h"

Include dependency graph for scram.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions
char *	pg_be_scram_build_secret (const char *password)
bool	parse_scram_secret (const char *secret, int *iterations, pg_cryptohash_type *hash_type, int *key_length, char **salt, uint8 *stored_key, uint8 *server_key)
bool	scram_verify_plain_password (const char *username, const char *password, const char *secret)

Variables
PGDLLIMPORT int	scram_sha_256_iterations
PGDLLIMPORT const pg_be_sasl_mech	pg_be_scram_mech

Function Documentation

parse_scram_secret()

bool parse_scram_secret	(	const char *	secret,
		int *	iterations,
		pg_cryptohash_type *	hash_type,
		int *	key_length,
		char **	salt,
		uint8 *	stored_key,
		uint8 *	server_key
	)

Definition at line 589 of file auth-scram.c.

{
    char       *v;
    char       *p;
    char       *scheme_str;
    char       *salt_str;
    char       *iterations_str;
    char       *storedkey_str;
    char       *serverkey_str;
    int         decoded_len;
    char       *decoded_salt_buf;
    char       *decoded_stored_buf;
    char       *decoded_server_buf;
 
    /*
     * The secret is of form:
     *
     * SCRAM-SHA-256$<iterations>:<salt>$<storedkey>:<serverkey>
     */
    v = pstrdup(secret);
    if ((scheme_str = strtok(v, "$")) == NULL)
        goto invalid_secret;
    if ((iterations_str = strtok(NULL, ":")) == NULL)
        goto invalid_secret;
    if ((salt_str = strtok(NULL, "$")) == NULL)
        goto invalid_secret;
    if ((storedkey_str = strtok(NULL, ":")) == NULL)
        goto invalid_secret;
    if ((serverkey_str = strtok(NULL, "")) == NULL)
        goto invalid_secret;
 
    /* Parse the fields */
    if (strcmp(scheme_str, "SCRAM-SHA-256") != 0)
        goto invalid_secret;
    *hash_type = PG_SHA256;
    *key_length = SCRAM_SHA_256_KEY_LEN;
 
    errno = 0;
    *iterations = strtol(iterations_str, &p, 10);
    if (*p || errno != 0)
        goto invalid_secret;
 
    /*
     * Verify that the salt is in Base64-encoded format, by decoding it,
     * although we return the encoded version to the caller.
     */
    decoded_len = pg_b64_dec_len(strlen(salt_str));
    decoded_salt_buf = palloc(decoded_len);
    decoded_len = pg_b64_decode(salt_str, strlen(salt_str),
                                decoded_salt_buf, decoded_len);
    if (decoded_len < 0)
        goto invalid_secret;
    *salt = pstrdup(salt_str);
 
    /*
     * Decode StoredKey and ServerKey.
     */
    decoded_len = pg_b64_dec_len(strlen(storedkey_str));
    decoded_stored_buf = palloc(decoded_len);
    decoded_len = pg_b64_decode(storedkey_str, strlen(storedkey_str),
                                decoded_stored_buf, decoded_len);
    if (decoded_len != *key_length)
        goto invalid_secret;
    memcpy(stored_key, decoded_stored_buf, *key_length);
 
    decoded_len = pg_b64_dec_len(strlen(serverkey_str));
    decoded_server_buf = palloc(decoded_len);
    decoded_len = pg_b64_decode(serverkey_str, strlen(serverkey_str),
                                decoded_server_buf, decoded_len);
    if (decoded_len != *key_length)
        goto invalid_secret;
    memcpy(server_key, decoded_server_buf, *key_length);
 
    return true;
 
invalid_secret:
    *salt = NULL;
    return false;
}

References iterations, palloc(), pg_b64_dec_len(), pg_b64_decode(), PG_SHA256, pstrdup(), and SCRAM_SHA_256_KEY_LEN.

Referenced by get_password_type(), scram_init(), and scram_verify_plain_password().

pg_be_scram_build_secret()

char* pg_be_scram_build_secret

(

const char *

password

)

Definition at line 472 of file auth-scram.c.

{
    char       *prep_password;
    pg_saslprep_rc rc;
    char        saltbuf[SCRAM_DEFAULT_SALT_LEN];
    char       *result;
    const char *errstr = NULL;
 
    /*
     * Normalize the password with SASLprep.  If that doesn't work, because
     * the password isn't valid UTF-8 or contains prohibited characters, just
     * proceed with the original password.  (See comments at top of file.)
     */
    rc = pg_saslprep(password, &prep_password);
    if (rc == SASLPREP_SUCCESS)
        password = (const char *) prep_password;
 
    /* Generate random salt */
    if (!pg_strong_random(saltbuf, SCRAM_DEFAULT_SALT_LEN))
        ereport(ERROR,
                (errcode(ERRCODE_INTERNAL_ERROR),
                 errmsg("could not generate random salt")));
 
    result = scram_build_secret(PG_SHA256, SCRAM_SHA_256_KEY_LEN,
                                saltbuf, SCRAM_DEFAULT_SALT_LEN,
                                scram_sha_256_iterations, password,
                                &errstr);
 
    if (prep_password)
        pfree(prep_password);
 
    return result;
}

References ereport, errcode(), errmsg(), ERROR, password, pfree(), pg_saslprep(), PG_SHA256, pg_strong_random(), SASLPREP_SUCCESS, scram_build_secret(), SCRAM_DEFAULT_SALT_LEN, scram_sha_256_iterations, and SCRAM_SHA_256_KEY_LEN.

Referenced by encrypt_password().

scram_verify_plain_password()

bool scram_verify_plain_password	(	const char *	username,
		const char *	password,
		const char *	secret
	)

Definition at line 512 of file auth-scram.c.

{
    char       *encoded_salt;
    char       *salt;
    int         saltlen;
    int         iterations;
    int         key_length = 0;
    pg_cryptohash_type hash_type;
    uint8       salted_password[SCRAM_MAX_KEY_LEN];
    uint8       stored_key[SCRAM_MAX_KEY_LEN];
    uint8       server_key[SCRAM_MAX_KEY_LEN];
    uint8       computed_key[SCRAM_MAX_KEY_LEN];
    char       *prep_password;
    pg_saslprep_rc rc;
    const char *errstr = NULL;
 
    if (!parse_scram_secret(secret, &iterations, &hash_type, &key_length,
                            &encoded_salt, stored_key, server_key))
    {
        /*
         * The password looked like a SCRAM secret, but could not be parsed.
         */
        ereport(LOG,
                (errmsg("invalid SCRAM secret for user \"%s\"", username)));
        return false;
    }
 
    saltlen = pg_b64_dec_len(strlen(encoded_salt));
    salt = palloc(saltlen);
    saltlen = pg_b64_decode(encoded_salt, strlen(encoded_salt), salt,
                            saltlen);
    if (saltlen < 0)
    {
        ereport(LOG,
                (errmsg("invalid SCRAM secret for user \"%s\"", username)));
        return false;
    }
 
    /* Normalize the password */
    rc = pg_saslprep(password, &prep_password);
    if (rc == SASLPREP_SUCCESS)
        password = prep_password;
 
    /* Compute Server Key based on the user-supplied plaintext password */
    if (scram_SaltedPassword(password, hash_type, key_length,
                             salt, saltlen, iterations,
                             salted_password, &errstr) < 0 ||
        scram_ServerKey(salted_password, hash_type, key_length,
                        computed_key, &errstr) < 0)
    {
        elog(ERROR, "could not compute server key: %s", errstr);
    }
 
    if (prep_password)
        pfree(prep_password);
 
    /*
     * Compare the secret's Server Key with the one computed from the
     * user-supplied password.
     */
    return memcmp(computed_key, server_key, key_length) == 0;
}

References elog, ereport, errmsg(), ERROR, iterations, LOG, palloc(), parse_scram_secret(), password, pfree(), pg_b64_dec_len(), pg_b64_decode(), pg_saslprep(), SASLPREP_SUCCESS, SCRAM_MAX_KEY_LEN, scram_SaltedPassword(), scram_ServerKey(), and username.

Referenced by plain_crypt_verify().

Variable Documentation

pg_be_scram_mech

PGDLLIMPORT const pg_be_sasl_mech pg_be_scram_mech

extern

Definition at line 113 of file auth-scram.c.

Referenced by CheckPWChallengeAuth().

scram_sha_256_iterations

PGDLLIMPORT int scram_sha_256_iterations

extern

Definition at line 192 of file auth-scram.c.

Referenced by pg_be_scram_build_secret().